From 9cb8877a0e6eec0445d57ea9c48a3290aa2fb798 Mon Sep 17 00:00:00 2001
From: "kaf24@firebug.cl.cam.ac.uk" <kaf24@firebug.cl.cam.ac.uk>
Date: Tue, 29 Nov 2005 11:48:33 +0100
Subject: [PATCH] Fix vmx guest issue of allowing accessing supervisor page
 from user level program. In shadow fault, we need to check U/S bit in error
 code. It is just a fix for shadow32.c, for x86_64 code and public code, it is
 already handled.

Signed-off-by: Xiaofeng Ling <xiaofeng.ling@intel.com>
---
 xen/arch/x86/shadow32.c | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)

diff --git a/xen/arch/x86/shadow32.c b/xen/arch/x86/shadow32.c
index b733c2586c..237f44e95a 100644
--- a/xen/arch/x86/shadow32.c
+++ b/xen/arch/x86/shadow32.c
@@ -2680,6 +2680,16 @@ int shadow_fault(unsigned long va, struct cpu_user_regs *regs)
             domain_crash_synchronous();
         }
 
+        /* User access violation in guest? */
+        if ( unlikely((regs->error_code & 4) && 
+                      !(l1e_get_flags(gpte) & _PAGE_USER)))
+        {
+            SH_VVLOG("shadow_fault - EXIT: wr fault on super page (%" PRIpte ")", 
+                    l1e_get_intpte(gpte));
+            goto fail;
+
+        }
+
         if ( unlikely(!l1pte_write_fault(v, &gpte, &spte, va)) )
         {
             SH_VVLOG("shadow_fault - EXIT: l1pte_write_fault failed");
@@ -2693,6 +2703,16 @@ int shadow_fault(unsigned long va, struct cpu_user_regs *regs)
     }
     else
     {
+        /* Read-protection violation in guest? */
+        if ( unlikely((regs->error_code & 1) ))
+        {
+            SH_VVLOG("shadow_fault - EXIT: read fault on super page (%" PRIpte ")", 
+                    l1e_get_intpte(gpte));
+            goto fail;
+
+        }
+
+
         if ( !l1pte_read_fault(d, &gpte, &spte) )
         {
             SH_VVLOG("shadow_fault - EXIT: l1pte_read_fault failed");
-- 
2.30.2